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1 Cryptography and data security 
Dorothy Elizabeth Robling Denning 
January 1982 Book 

Publisher: Addison-Wesley Longman Publishing Co., Inc. 

Full text available: l fg] pdf(19.47 MB) Additional Information: full citation, abstract, references , citings, index 

terms 

From the Preface (See Front Matter for full Preface) 

Electronic computers have evolved from exiguous experimental enterprises in the 1940s 
to prolific practical data processing systems in the 1980s. As we have come to rely on 
these systems to process and store data, we have also come to wonder about their ability 
to protect valuable data. 

Data security is the science and study of methods of protecting data in computer and 
communication systems from unauthorized disclosure ... 

2 Multiagent systems and electronic markets track: Practical secrecy-preserving , 

^ verifiably correct and trustworthy auctions 

^ D. C. Parkes, M. O. Rabin, S. M. Shieber, C. A. Thorpe 

August 2006 Proceedings of the 8th international conference on Electronic 

commerce: The new e-commerce: innovations for conquering current 
barriers, obstacles and limitations to conducting successful business on 
the internet ICEC '06 
Publisher: ACM Press 

Full text available: ^| | pdf(507.45 KB ) Additional Information: full citation , abstract , references 

We present a practical system for conducting sealed-bid auctions that preserves the 
secrecy of the bids while providing for verifiable correctness and trustworthiness of the 
auction. The auctioneer must accept all bids submitted and follow the published rules of 
the auction. No party receives any useful information about bids before the auction closes 
and no bidder is able to change or repudiate her bid. Our solution uses Paillier's 
homomorphic encryption scheme [25] for zero knowledge proofs of ... 



Public-key cryptograph y and password protocols 
Shai Halevi, Hugo Krawczyk 

August 1999 ACM Transactions on Information and System Security (TISSEC), volume 2 
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Issue 3 
Publisher: ACM Press 

Full text available* 11!) pdf(275 84 KB) Add ' tional Information: full citation , abstract , references , citings, index 
' ^ : terms , review 

We study protocols for strong authentication and key exchange in asymmetric scenarios 
where the authentication server possesses ~a pair of private and public keys while the 
client has only a weak human-memorizable password as its authentication key. We 
present and analyze several simple password authentication protocols in this scenario, 
and show that the security of these protocols can be formally proven based on standard 
cryptographic assumptions. Remarkably, our analysis shows optimal re ... 

Keywords: dictionary attacks, hand-held certificates, key exchange, passwords, public 
passwords, public-key protocols 
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Ap proaches to cryptographic key management 
Paul G. Comba 

September 1986 Proceedings of the Northeast ACM symposium on Personal computer 
security PCS '86 

Publisher: ACM Press 

Full text available: *g] pdf(680.20 KB ) Additional Information: full citation , index terms 



5 A security architecture for fault-tolerant systems 
>^ Michael K. Reiter, Kenneth P. Birman, Robbert van Renesse 

v 7 November 1994 ACM Transactions on Computer Systems (TOCS), volume 12 issue 4 
Publisher: ACM Press 

Full text available" f£] pdf(2.50 MB) Additional Information: full citation , abstract , references , citings , index 
^ terms , review 

Process groups are a common abstraction for fault-tolerant computing in distributed 
systems. We present a security architecture that extends the process group into a 
security abstraction. Integral parts of this architecture are services that securely and fault 
tolerantly support cryptographic key distribution. Using replication only when necessary, 
and introducing novel replication techniques when it was necessary, we have constructed 
these services both to be easily defensible against atta ... 

Keywords: key distribution, multicast, process groups 



Survey an d benchmark of block ci phers for wireless sensor networks 
Yee Wei Law, Jeroen Doumen, Pieter Hartel 

February 2006 ACM Transactions on Sensor Networks (TOSN), volume 2 issue 1 
Publisher: ACM Press 

Full text available: fgl pdf(354.39 KB) Additional Information: full citation , ap pendices and su p_pjements, 
^ abstract , references , index terms 

Cryptographic algorithms play an important role in the security architecture of wireless 
sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is 
essential, due to the facts that these networks are meant to operate without human 
intervention for a long period of time with little energy supply, and that available storage 
is scarce on these sensor nodes. However, to our knowledge, no systematic work has 
been done in this area so far. We construct an evaluation framew ... 

Keywords: Sensor networks, block ciphers, cryptography, energy efficiency 
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7 Workshop on architectural support for security and anti-virus (WASSA): Towards the Q 

issues in architectural su p port for protection of software execution 
^ Weidong Shi, Hsien-Hsin S. Lee, Chenghuai Lu, Mrinmoy Ghosh 

March 2005 ACM SIGARCH Computer Architecture News, volume 33 issue i 

Publisher: ACM Press 

Full text available: 1 ^ pdf(436. 30 KB ) Additional Information: full citation , abstract , references , index terms 

Recently, there is a growing interest in the research community to employ tamper- 
resistant processors for software protection. Many of these proposed systems rely on a 
specially tailored secure processor to prevent 1) illegal software duplication, 2) 
unauthorized software modification, and 3) unauthorized software reverse engineering. 
Most of these works primarily focus on the feasibility demonstration and design details 
rather than trying to elucidate many fundamental issues that are either "el ... 

Keywords: attack, copy protection, encryption, security, tamper resistance 



8 A model to order the encryption algorithms according to their quality 
A. R. Prieto, J. G. Tomas 

>/ July 1987 ACM SIGCOMM Computer Communication Review, volume 17 issue 3 
Publisher: ACM Press 

Full text available: ^pdf (565.17 KB) Additional Information: full citation , abstract , index terms 

Usually the unicity distance is used to give the strength of encryption algorithms. In this 
work, the behaviour of encipherment algorithm has been analyzed and two different 
parameters are proposed in order to evaluate the quality. These parameters are checked 
against the unicity distance and a final test has been executed, using DES. 

9 Security: SECA: security-enhanced communication architecture 




Joel Coburn, Srivaths Ravi, Anand Raghunathan, Srimat Chakradhar 

September 2005 Proceedings of the 2005 international conference on Compilers, 



architectures and synthesis for embedded systems CASES '05 
Publisher: ACM Press 

Full text available: ^] pdf(396.53 KB) Additional Information: full citation , abstract , references , index terms 

In this work, we propose and investigate the idea of enhancing a System-on-Chip (SoC) 
communication architecture (the fabric that integrates system components and carries the 
communication traffic between them) to facilitate higher security. We observe that a wide 
range of common security attacks are manifested as abnormalities in the system-level 
communication traffic. Therefore, the communication architecture, with its global system- 
level visibility, can be used to detect them. The communicati ... 

Keywords: AMBA Bus, access control, architecture, attacks, bus, communication, digital 
rights management (DRM), intrusion detection, security, security-aware design, small 
embedded systems, system-on-chip (SoC) 



10 A new paradigm hidden in steganography Q 
^ Ira S. Moskowitz, Garth E. Longdon, LiWu Chang 

V February 2001 Proceedings of the 2000 workshop on New security paradigms NSPW 
•00 

Publisher: ACM Press 

Full text available: *^] p df (1.05 MB) Additional Information: full citation , references , citings, i ndex terms 
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Keywords: information hiding, steganography 



11 Stren g th of two data encryption standard implementations under timin g attacks 
A. Alejandro Hevia, Marcos Kiwi 

V 7 November 1999 ACM Transactions on Information and System Security (TISSEC), 

Volume 2 Issue 4 

Publisher: ACM Press 

Full text available* fi3 odfd 83 73 KB) Additional Information: full citation , abstract , references , citin gs, index 
. [A] ■ terms , review 

We study the vulnerability of two implementations of the Data Encryption Standard (DES) 
cryptosystem under a timing attack. A timing attack is a method, recently proposed by 
Paul Kocher, that is designed to break cryptographic systems. It exploits the engineering 
aspects involved in the implementation of cryptosystems and might succeed even against 
cryptosys-tems that remain impervious to sophisticated cryptanalytic techniques. A timing 
attack is, essentially, a way of obtaining some users ... 

Keywords: cryptanalysis, cryptography, data encryption standard, timing attack 



12 Automatic testing equivalence verification of spi calculus specifications 
Luca Durante, Riccardo Sisto, Adriano Valenzano 

April 2003 ACM Transactions on Software Engineering and Methodology (TOSEM), 

Volume 12 Issue 2 
Publisher: ACM Press 

Full text available: pdf(829.73 KB) Additional Information: full citation , abstract , references , index terms 

Testing equivalence is a powerful means for expressing the security properties of 
cryptographic protocols, but its formal verification is a difficult task because of the 
quantification over contexts on which it is based. Previous articles have provided insights 
into using theorem-proving for the verification of testing equivalence of spi calculus 
specifications. This article addresses the same verification problem, but uses a state 
exploration approach. The verification technique is based on the ... 

Keywords: Cryptographic protocols, equivalence verification, state space exploration 



13 Access Control Models and Mechanisms: Cry ptogra phic access control in a 
distributed file system 
Anthony Harrington, Christian Jensen 

June 2003 Proceedings of the eighth ACM symposium on Access control models and 
technologies SACMAT '03 

Publisher: ACM Press 

Full text available- 1SI pdf(249 24 KB) Add ' t ' onal Information: full citation , abstract , references, citings, index 
"I*" 1 terms 

Traditional access control mechanisms rely on a reference monitor to mediate access to 
protected resources. Reference monitors are inherently centralized and existing attempts 
to distribute the functionality of the reference monitor suffer from problems of 
scalability. Cryptographic access control is a new distributed access control paradigm 
designed for a global federation of information systems. It defines an implicit access 
control mechanism, which relies exclusively on cryptography to provide ... 

Keywords: access control, cryptography, network file systems 
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Secure and secur ity s ystems: Satisfiability-based framework for enablin g side- 
channel attacks on cryptographic software 

Nachiketh R. Potlapally, Anand Raghunathan, Srivaths Ravi, Niraj K. Jha, Ruby B. Lee 
March 2006 Proceedings of the conference on Design, automation and test in Europe: 
Designers 1 forum DATE '06 

Publisher: European Design and Automation Association 

Full text available: |£| pdf(161.25 KB) Additional Information: full citation , abstract , references 

Many electronic systems contain implementations of cryptographic algorithms in order to 
provide security. It is well known that cryptographic algorithms, irrespective of their 
theoretical strength, can be broken through weaknesses in their implementation. In 
particular, side-channel attacks, which exploit unintended information leakage from the 
implementation, have been established as a powerful way of attacking cryptographic 
systems. All side-channel attacks can be viewed as consisting of two p ... 

15 Security: Key-assignment strategies for CPPM 
Andre Adelsbach, Jorg Schwenk 

September 2004 Proceedings of the 2004 workshop on Multimedia and security 
MM&Sec '04 

Publisher: ACM Press 

Full text available: pdf(454.53 KB ) Additional Information: full citation , abstract , references , index terms 

CSS, the first system to protect multimedia content on the new DVD medium failed badly, 
because both its encryption algorithm and its key management could easily be broken. A 
new industry initiative, the 4C Entity, LLC (founded by IBM, Intel, Matsushita and 
Toshiba), presents a more mature approach, called "Copy Protection for Prerecorded 
Media" (CPPM), which has already been adopted in DVD-Audio. A key-feature of CPPM is 
its advanced key-management, which allows for system renewability by revoki ... 

Keywords: CPPM, content protection, device revocation, key-assignment, key- 
management 



16 Improved proxy re-encryption schemes with applications to secure distributed storage jjjj 
Giuseppe Ateniese, Kevin Fu, Matthew Green, Susan Hohenberger 

February 2006 ACM Transactions on Information and System Security (TISSEC), volume 

9 Issue 1 
Publisher: ACM Press 

Full text available: *g| p df (331 .59 KB) Additional Information: full cit at i on , abstract , re ferences , index terms 

In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic proxy 
re-encryption, in which a semitrusted proxy converts a ciphertext for Alice into a 
ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure 
re-encryption will become increasingly popular as a method for managing encrypted file 
systems. Although efficiently computable, the wide-spread adoption of BBS re-encryption 
has been hindered by considerable security risks. ... 

Keywords: Proxy re-encryption, bilinear maps, double decryption, key translation 




17 Requirements analysis: Secure systems development based on the common criteria: Q 
the PalME pro j ect 

Monika Vetterling, Guido Wimmel, Alexander Wisspeintner 

November 2002 Proceedings of the 10th ACM SIGSOFT symposium on Foundations of 

software engineering SIGSOFT "02/FSE-10 
Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings, index 
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Full text available: |g| pdf(640.02 KB) terms 

Security is a very important issue in information processing, especially in open network 
environments like the Internet. The Common Criteria (CC)is the standard requirements 
catalogue for the evaluation of security critical systems. Using the CC, a large number of 
security requirements on the system itself and on the system development can be 
defined. However, the CC does not give methodological support. In this paper, we show 
how integrate security aspects into the software engineering process. ... 

Keywords: AutoFocus, CASE, case study, common criteria, development process, formal 
methods, graphical description techniques, requirements engineering, security 
engineering, software design, software engineering 



18 Link and channel measurement: A simple mechanism for capturing and replay ing 
^ wireless channels 
^ Glenn Judd, Peter Steenkiste 

August 2005 Proceeding of the 2005 ACM SIGCOMM workshop on Experimental 
approaches to wireless network design and analysis E-WIND '05 

Publisher: ACM Press 

Full text available: ^[ pdf(6.06 MB ) Additional Information: full citation , abstract , references , index terms 

Physical layer wireless network emulation has the potential to be a powerful experimental 
tool. An important challenge in physical emulation, and traditional simulation, is to 
accurately model the wireless channel. In this paper we examine the possibility of using 
on-card signal strength measurements to capture wireless channel traces. A key 
advantage of this approach is the simplicity and ubiquity with which these measurements 
can be obtained since virtually all wireless devices provide the req ... 

Keywords: channel capture, emulation, wireless 
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19 Cryptographic sealing for information secrecy and authentication Q 




David K. Gifford 
April 1982 Communications of the ACM, volume 25 issue 4 



Publisher: ACM Press 

Full text available- ID pdfd 29 MB) Additional Information: full citation , abstract, ref erences , citings, Index 
' terms 

A new protection mechanism is described that provides general primitives for protection 
and authentication. The mechanism is based on the idea of sealing an object with a key. 
Sealed objects are self-authenticating, and in the absence of an appropriate set of keys, 
only provide information about the size of their contents. New keys can be freely created 
at any time, and keys can also be derived from existing keys with operators that include 
Key-And and Key-Or 

Keywords: conentional crypto-systems, cryptographic sealing, key, seal, secrecy, unseal 



20 Security as a new dimension in embedded system desi g n: Security as a new Q 
^ dimension in embedded system desig n 

^ Srivaths Ravi, Paul Kocher, Ruby Lee, Gary McGraw, Anand Raghunathan 

June 2004 Proceedings of the 41st annual conference on Design automation DAC '04 
Publisher: ACM Press 

Full text available- 151 pdf(209 10 KB) Additional Information: full citation, abstract, references , citings, index 
' ^ : terms 

The growing number of instances of breaches in information security in the last few years 
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has created a compelling case for efforts towards secure electronic systems. Embedded 
systems, which will be ubiquitously used to capture, store, manipulate, and access data of 
a sensitive nature, pose several unique and interesting security challenges. Security has 
been the subject of intensive research in the areas of cryptography, computing, and 
networking. However, despite these efforts, security is ... 

Keywords: PDAs, architectures, battery life, cryptography, design, design 
methodologies, digital rights management, embedded systems, performance, security, 
security processing, security protocols, sensors, software attacks, tamper resistance, 
trusted computing, viruses 
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